"These large network operators are quickly realising new operational efficiencies and monetisation opportunities from virtualising ('cloudifying') their infrastructure and services. The ability to add capacity dynamically when and where it is needed, so service velocity keeps pace with the needs of 21st century internet users, is no doubt a key technical and economic driver behind these initiatives," states Talbit Hack, manager for DDoS and ISP Visibility Product Management at Arbor Networks.

Virtualisation in all its forms

Hack points out that network virtualisation, in particular, is taking multiple forms, including abstraction of software from dedicated service delivery infrastructure, software-defined networking (SDN), and virtualisation of network functions (NFV) that were previously performed by discrete devices.

"Virtualisation of service delivery infrastructure is already implemented or well underway in most service providers' data centres and hosting environments; transformation is still lagging in the transport and access parts of the network. They see virtualisation as a way to abstract software from the underlying physical infrastructure, lower their equipment costs and separate network control from traffic forwarding. Their ultimate aim is to simplify and 'flatten' the network and allow for more dynamic, scalable associations of network processes with service activities; in other words, to create a framework for deploying services in a more agile way from a pool of virtualised resources," he says.

In light of ambitious technical and business goals, virtualisation represents a significant enabler and disrupter. As traditional network architectures come under increasing strain and operational demands, virtualisation in its various forms holds the promise of making them more open, predictable, flexible, user- and service-friendly and lower cost to operate. But it will also almost certainly make networks more complex to integrate, manage, support and secure on a large scale, requiring a radical shift in operational assumptions and best practices.

New challenges

"Virtualisation clearly has value wherever services need to be deployed in an agile, dynamic way and to help absorb episodic and unpredictable traffic; however, there are still cost and performance benefits to purpose-built networking systems in certain applications and at large scale. Rapid price/performance improvements in commodity server architectures are closing the gap, yet these platforms do not yet scale for complex, high-capacity network applications such as core routing and threat protection," explains Hack.

Virtualisation also introduces new challenges from a security perspective. For example, how do you provide traffic visibility into these dynamic, complex new virtual networking environments when traditional telemetry protocols such as NetFlow, SNMP, BGP, and more, may not be present? And how do you protect virtualised network and security functions - including the API services that underpin these functions - from protocol misuse and other unsanctioned inter-functional communication resulting from malicious acts as well as simple misconfigurations? "These and other as-yet-undiscovered architectural vulnerabilities will no doubt be addressed over time, but they nevertheless highlight the complexities inherent in major technology migrations," adds Hack.

Cheap and flexible

Network operators have traditionally designed networks to be cheap to buy. Managing cost has been of paramount concern due to the complexity and enormous fixed costs to build and operate a network. But in the internet age, rolling out compelling services demands far greater flexibility and speed than is possible with the static, manually intensive networks of today. So now operators must design them to be cheap to buy as well as fast and flexible to operate.

Efforts should be focused in the three areas where the greatest benefits for customers are identified: redirecting traffic via SDN control; leveraging the power of the network (that is, to provide overall visibility as well as to detect and block security threats as data centre forwarding fabrics evolve); and virtualising platforms and services for seamless integration with both legacy and next-generation networks.